Forcing NTLM on IISWebsite

1) Go to IISManager and find the identifier for your Web Site. Click on the web sites folder in IISManager and on the left side you should get the list of web sites and their identifier

(2) Open a command prompt and runt the following 3 commands. Change the <identifier> with the identifier value found in the previous step
cd c:\inetpub\adminscripts
cscript adsutil.vbs set w3svc/<identifier>/root/NTAuthenticationProviders “NTLM”



(1) if you want to set NTLM at a virtual direcotry level then use the below command and replace <virtualdirectoryname> with the virutal directory name
cscript adsutil.vbs set w3svc/<identifier>/root/<virtualdirectoryname>/NTAuthenticationProviders “NTLM”

(2) To revert back to Kerberos use “Negotiate,NTLM” as the parameter

(3) To check what is currently set use the below commands
cscript adsutil.vbs get w3svc/<identifier>/root/NTAuthenticationProviders
cscript adsutil.vbs get w3svc/<identifier>/root/<virtualdirectoryname>/NTAuthenticationProviders

Comments (3)

  1. v-waltmo says:

    If the Virtual directory has a space or two in it the last command will not work even if you put (") around it. SharePoint – 80 as the virtual directory is seen as multiple args:

    cscript adsutil.vbs get w3svc/552499128/root/SharePoint – 80/NTAuthenticationProviders or "w3svc/552499128/root/SharePoint – 80/NTAuthenticationProviders" will not work

  2. Mey M says:

    You should use the id and not the description of the web site